HTTP Proxy and VPN musings at IIT Guwahati.

Necessity is the mother of invention

I spent 4 years of my life playing with HTTP proxies and VPNs. My college, IIT Guwahati, had a very restricted system for accessing the Internet and, sadly, still uses the same system. The only way one can access the Internet is through the proxies that are given to students when they join.

What is an HTTP Proxy?

An HTTP Proxy is a server that receives requests from your web browser and then makes the request to the Internet on your behalf. It then returns the results to your browser.

[Image: proxy server]

So basically anyone operating the proxy server can see what you are browsing.

HTTPS Traffic

Port 443 was also blocked at my college. The proxy allows one to tunnel HTTPS traffic over HTTP by first issuing an HTTP CONNECT request. You can read about HTTP CONNECT tunneling if you want to know more.

Restrictions at IIT Guwahati

All the ports to the external world were blocked by the firewall. Because of this, the only way to connect to the outside world was through the HTTP proxy. Websites worked fine because they work on top of HTTP.

Due to these restrictions, a student cannot use any protocol that does not run on top of HTTP, or any other service that is not HTTP based. This means SSH, FTP, BitTorrent, WebSockets and P2P won't work for students.

Also, the students were not allowed to use the Internet during the daytime (8am - 5pm) and at night (2am - 5am) on working days, i.e. Monday to Friday.

How to get around these restrictions?

These restrictions forced and motivated me to explore various techniques to circumvent them. I am documenting most of the techniques in this blog post.

Unblocking Ports
  1. Using VPN
    A lot of VPN technologies now work on top of HTTP or HTTPS. I had an Azure subscription, thanks to my MSDN subscription. I spun up an Ubuntu VM in Azure's East Asia datacenter, installed the very popular OpenVPN server on it, set up the client configuration file, and it was good to go. You can try this without a VM by buying a $4 EarthVPN subscription and installing the client.

    The Squid proxy server installed in our institute used to load balance the current open connections. OpenVPN opens a single HTTPS connection to the remote server; because of this, you won't be able to utilize the best speeds provided by the proxy server. So I wanted a VPN server that can open multiple parallel connections. This led me to try SoftEther VPN. You can read about it here:

    SoftEther VPN Ubuntu/Linux Client Configuration behind HTTP Proxy

  2. Using Tor
    Tor is an amazing piece of software whose main purpose is anonymous communication. Don't confuse it with the torrents that people use to download stuff.
    Since Tor works on top of HTTPS and sets up a local SOCKS proxy, it can be used to unblock ports. When using Tor, your browser and apps use the local SOCKS proxy created by the Tor software. The data is then encrypted and sent to an exit node via bridges (intermediate nodes). The exit node establishes a connection to the website on your behalf.
    Since a SOCKS proxy allows tunnelling of TCP and UDP packets, all the ports are unblocked for you.

Unblocking Internet

The main idea for the next two techniques is a loophole: the proxy server doesn't interrupt existing HTTPS connections when the NO INTERNET time starts. Only new connections are blocked. So if you have an established HTTPS connection that doesn't time out, you can tunnel all your connections on top of it and enjoy the Internet during the blocked hours, provided that this connection was established before the blocking started.

  1. HTTPS based VPN
    If you can set up a connection to the VPN server before the blocking starts, you can continue to enjoy the Internet using that VPN connection.
  2. Using Tor
    Since Tor is also based on top of HTTPS, if you can connect to Tor before the blocking starts, you can surf freely and anonymously.
  3. SSH Tunneling
    If you can get hold of a guest account on a computer on which the Internet is not blocked, and that computer is reachable from your laptop, you can set up an SSH tunnel through that computer to enjoy the Internet during odd hours. You can also set up a cascading proxy and let your friends enjoy the Internet too.

The last technique was basically a life saver for me and my friends during the last year of my college.
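Seen from the proxy operator's side, the loophole described above leaves a trace: a CONNECT tunnel that was opened before a blocked window began and was only closed after it began. The sketch below is an added example, not code from the original post; it assumes Squid's native access.log format and campus-local (IST) time, and the sample lines, client addresses and host names are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

IST = timezone(timedelta(hours=5, minutes=30))  # assumption: campus local time
BLOCK_START_HOURS = (2, 8)  # blocked windows in the post: 02:00-05:00, 08:00-17:00
WEEKDAYS = range(0, 5)      # Monday..Friday, the post's "working days"

# Squid native access.log: time elapsed_ms client code/status bytes method URL ...
LINE = re.compile(r"^(\d+\.\d+)\s+(\d+)\s+(\S+)\s+\S+/\d+\s+\d+\s+(\S+)\s+(\S+)")

def tunnels_crossing_block_start(lines):
    """Return (client, target, opened, seconds_into_block) for every CONNECT
    tunnel opened before a blocked window began and closed after it began."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(4) != "CONNECT":
            continue
        # Squid writes the entry when the tunnel closes, so
        # open time = logged time - elapsed. Still-open tunnels are not logged yet.
        end = datetime.fromtimestamp(float(m.group(1)), IST)
        start = end - timedelta(milliseconds=int(m.group(2)))
        day = start.date()
        while day <= end.date():
            if day.weekday() in WEEKDAYS:
                for hour in BLOCK_START_HOURS:
                    edge = datetime(day.year, day.month, day.day, hour, tzinfo=IST)
                    if start < edge < end:
                        hits.append((m.group(3), m.group(5), start,
                                     int((end - edge).total_seconds())))
            day += timedelta(days=1)
    return hits

# Constructed sample log (not real traffic). 1426444200 = Mon 2015-03-16 00:00 IST.
SAMPLE = [
    # Mon 07:50 -> 11:50: crosses the 08:00 block start
    "1426486800.000 14400000 10.9.8.7 TCP_TUNNEL/200 90321 CONNECT vpn.example.net:443 - HIER_DIRECT/203.0.113.10 -",
    # Mon 18:00, 30 s tunnel inside allowed hours
    "1426509030.000    30000 10.9.8.8 TCP_TUNNEL/200 5120 CONNECT www.example.org:443 - HIER_DIRECT/203.0.113.20 -",
    # Mon 07:59 plain GET: not a tunnel
    "1426472940.200      200 10.9.8.9 TCP_MISS/200 1024 GET http://www.example.org/ - HIER_DIRECT/203.0.113.20 text/html",
    # Sat 07:50 -> 11:50: long tunnel, but not a working day
    "1426918800.000 14400000 10.9.8.7 TCP_TUNNEL/200 90321 CONNECT vpn.example.net:443 - HIER_DIRECT/203.0.113.10 -",
]

if __name__ == "__main__":
    for client, target, opened, secs in tunnels_crossing_block_start(SAMPLE):
        print(f"{client} -> {target} opened {opened:%a %H:%M}, {secs}s into blocked window")
```

Because the entry only appears once the tunnel closes, this is a retrospective report; enforcing the window on live tunnels would need a cap on connection lifetime at the proxy or firewall.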

10.0.3.61:8361 and 172.16.27.23:8361

I will long remember these proxy server addresses.

PS - Comment to discuss any of these topics in depth.
Image Credits - Vikramjit Kakati
